diff --git a/policy/modules/services/snort.te b/policy/modules/services/snort.te
index 70f240c..c1a806f 100644
--- a/policy/modules/services/snort.te
+++ b/policy/modules/services/snort.te
@@ -37,6 +37,7 @@ allow snort_t self:netlink_route_socket { bind create getattr nlmsg_read read wr
 allow snort_t self:tcp_socket create_stream_socket_perms;
 allow snort_t self:udp_socket create_socket_perms;
 allow snort_t self:packet_socket create_socket_perms;
+allow snort_t self:socket create_socket_perms;
 # Snort IPS node. unverified.
 allow snort_t self:netlink_firewall_socket { bind create getattr };
 
@@ -59,6 +60,7 @@ kernel_read_kernel_sysctls(snort_t)
 kernel_read_sysctl(snort_t)
 kernel_list_proc(snort_t)
 kernel_read_proc_symlinks(snort_t)
+kernel_request_load_module(snort_t)
 kernel_dontaudit_read_system_state(snort_t)
 
 corenet_all_recvfrom_unlabeled(snort_t)
@@ -76,6 +78,9 @@ corenet_tcp_connect_prelude_port(snort_t)
 dev_read_sysfs(snort_t)
 dev_read_rand(snort_t)
 dev_read_urand(snort_t)
+# Red Hat bug 559861: Snort wants read, write, and ioctl on /dev/usbmon
+# Snort uses libpcap, which can also monitor USB traffic. Maybe this is a side effect?
+dev_rw_generic_usb_dev(snort_t)
 
 domain_use_interactive_fds(snort_t)